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DETAILED ACTION 



1 . In view of the Appeal Brief filed on 2/6/2008, PROSECUTION IS HEREBY 
REOPENED. The new grounds of rejection are set forth below. 
To avoid abandonment of the application, appellant must exercise one of the following 
two options: 

(1 ) file a reply under 37 CFR 1.111 (if this Office action is non-final) or a reply under 37 
CFR 1.113 (if this Office action is final); or, 

(2) initiate a new appeal by filing a notice of appeal under 37 CFR 41 .31 followed by an 
appeal brief under 37 CFR 41 .37. The previously paid notice of appeal fee and appeal 
brief fee can be applied to the new appeal. If, however, the appeal fees set forth in 37 
CFR 41 .20 have been increased since they were previously paid, then appellant must 
pay the difference between the increased fees and the amount previously paid. 

A Supervisory Patent Examiner (SPE) has approved of reopening prosecution by 
signing below: 



/Kristine Kincaid/ 

Supervisory Patent Examiner, Art Unit 2139 
Kristine Kincaid. 



2. 



Claims 1-11, 13-24, 26-29 have been examined. Claims 12 and 25 are cancelled. 
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Claim Rejections - 35 USC §112 

3. The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

4. Claim 29 is rejected under 35 U.S.C. 112, second paragraph, as being indefinite 
for failing to particularly point out and distinctly claim the subject matter which applicant 
regards as the invention. 

Claim 29 is directed to "a recordable computer readable medium storing the 
program code." The Specification does not define "a recordable computer readable 
medium", and it is not clear what is generally meant by that phrase. Note that the 
Specification defines "recordable type media". 

Claim Rejections - 35 USC § 101 

5. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

6. Claim 29 is rejected as being directed to non-statutory subject matter. Claim 29 
recites a program product comprising a program code and "a recordable computer 
readable medium". The specification does not clearly specify "a recordable computer 
readable medium", and it is not clear if it encompasses signals, or transmission 



Application/Control Number: 1 0/671 ,343 Page 4 

Art Unit: 2139 

mediums. The Specification, defines a "recordable type media". Therefore, replacing "a 
recordable computer readable medium" with "recordable type media" would meet the 
statutory requirements. 

Claim Rejections - 35 USC § 103 

7. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

8. Claims 1-3, 6-10, 14-15, 16, 19-23, 27-29 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Chan (US Patent No. 5,713,018, dated Jan. 27, 1998), in view 
of Urano (US Patent No. 6,289,379, dated Sep. 1 1 , 2001 ). 

In reference to claim 1 : 

Chan discloses a method of executing a query in a database management system, the 
method comprising: 

Receiving an SQL statement from an application program coupled to the 
database management system, where the SQL statements are received from a client 
through the clients' DBMS access program. (Column 2, lines 48-67) 

Executing the SQL program. (Column 1, lines 65-67) 

Encrypting the SQL statement to generate an encrypted representation of the 
SQL statement, where the SQL is encrypted into an encrypted SQL string. (Chan 
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Column 3, lines 1 1-51 shows encryption of SQL statements by the client to secure the 
statements from access by an unauthorized user.) 

Chan however, does not explicitly teach logging execution of the SQL statement 
in a database monitor by storing the encrypted representation of the SQL statement in 
an execution log managed by the database monitor. Urano teaches a system, collecting 
log information for monitoring computer systems (see abstract, col. 1 lines 9-1 1 , col. 1 
lines 60-68, or col. 4 lines 44 to 52.). Urano col. 7 lines 35 to 41 also teach an 
embodiment that includes encrypting the execution records before logging them to 
protect the logs. Therefore, Urano teaches a monitoring system that encrypts execution 
records and logs them for the purpose of monitoring computer systems. 

Chan and Urano are analogous art, as they are both directed to protection and secure 
access to information in computer systems. At the time of invention, it would have been 
obvious to the one skilled in art to enhance Chan's database management system, 
which uses SQL statements to submit database commands and return the result of the 
commands to the client, by encrypting and logging the execution results (SQL 
statements), as suggested by Urano. Note that Chan already teaches the one skilled in 
art how to encrypt the SQL statements. Also note that Chan verifies (monitors) SQL 
commands for their validity before execution and returning the SQL commands to the 
client (See Chan Fig. 4 and associated text, particularly, items 254, 256, and 258). The 
motivation to combine would be monitoring the operations of Chan's server computer 
and collecting and logging execution records. The execution records are useful for 
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detecting errors or attacks (as they describe the events related to execution process), 
and reporting them for mitigation, as suggested by, for example, Urano col. 7 lines 27 
to 35 60 to col. 2 line 45.) 

displaying the execution log, including retrieving the encrypted 
representation of the SQL statement from the execution log, decrypting the 
encrypted representation of the SQL statement to generate an unencrypted 
representation of the SQL statement, and displaying the unencrypted representation 
of the SQL statement (Urano col. 7 line 60 to col. 8 line 2 teaches decryption and 
display of logs to the administrator for the purpose of error or attack detection. 
Therefore, the combination teaches decrypting the SQL statements and displaying them 
to the Administrator.) 

In reference to claim 2: 

Chan in view of Urano (Chan Column 3, lines 1 2-37) discloses the method of claim 1 , 
further Comprising encrypting at least one value passed to one of host variable and a 
parameter marker used by the SQL statement, wherein logging execution of the SQL 
statement further comprises storing the encrypted value in the execution log, where the 
SQL statement is the value passed to the host variable, the encrypted SQL string also 
known as the constant string (Chan Column 3, lines 50-55) and the parameter markers 
which are used for the arguments. Note also that Urano teaches encrypting the log 
records, which would include the entire SQL statement. 
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In reference to claim 3: 

Requirements of claim 3 are substantially the same as requirements of claim 1 . 
In reference to claim 6: 

Chan in view of Urano discloses the method of claim 3, wherein generating the 
encrypted representation is performed prior to communicating the query to the database 
management system (Chan teaches encrypting the SQL statements by client before 
they are communicated to the server.) 

In reference to claim 7: 

Chan (Column 3, lines 12-60) discloses the method of claim 3, wherein the execution 
detail comprises a query Statement, where the query statement is the SQL or 
"structured query" statement. 

In reference to claim 8: 

Chan in view of Urano discloses the method of claim 3, wherein the execution detail 
comprises a value passed to a host variable during execution of the query (Column 3, 
lines 12-60, where the host variable is the encrypted SQL string, and the value passed 
to the variable is the value of the function Encrypt()). 

In reference to claim 9: 
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Chan in view of Urano discloses the method of claim 3, wherein the execution detail 
comprises a value passed to a host variable during execution of the query (Column 3, 
lines 12-60, where the host variable is the encrypted SQL string, and the value passed 
to the variable is the value of the function EncryptQ). 



In reference to claim 10: 

Chan in view of Urano discloses the method of claim 3, further comprising logging a 
second execution detail for the query in the execution log in an unencrypted 
representation (Urano teaches two embodiments, one before col. 7 line 35, which does 
not encrypt the logged execution records, and another embodiment, detailed after col. 7 
line 35, in which the logged records are encrypted. Therefore, it makes it obvious to the 
one skilled in art to create one encrypted set of logged records, and another 
unencrypted set of logged records. In fact, an unencrypted set of logged records must 
be created before an encrypted set can be generated by encrypting the unencrypted 
set). 



In reference to claim 14: 

Chan in view of Urano discloses the method of claim 3, further comprising determining if 
database monitoring is enabled in the database management system, wherein 
generating the encrypted representation is performed if it is determined that database 
monitoring is enabled (Urano at col. 4 lines 30 to 52 teach the option that allows a 
selection of log files to be collected and sent for analysis and eventually encrypted. 
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Therefore it teaches an enablement feature that when activated causes encryption of 
the logs. 

In reference to claim 15: 

Chan in view of Urano discloses the method of claim 3, wherein the query comprises an 
SQL statement (Chan column 3, lines 12-60 shows that SQL statements are used for 
database query). 

In reference to claim 16, 19-23, 27-29: 

Requirements of claims 16, 1 9-23, 27-29 are substantially the same as claims 1 -3, 6-1 0, 
12, and 14-15 above. 

9. Claims 4-5, 1 1 , 13, 17, 18, 24 and 26 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Chan (US Patent No. 5,713,018, dated Jan. 27, 1998), in view 
of Urano (US Patent No. 6,289,379, dated Sep. 11, 2001), and further in view of 
Examiner's Official Notice. 

In reference to claim 4: 

Chan in view of Urano fails to explicitly disclose the method of claim 3, further 
comprising receiving the query in an unencrypted form from an application program in 
communication with the database management system. 

However, the Examiner takes official notice that receiving an SQL query in unencrypted 
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form was well known at the time of the invention. In fact it was the state of the prior art. 
Chan attempts to provide some measure of security in executing SQL statements by a 
DBMS. The prior art comprises transmitting and receiving these commands in 
unencrypted form. 

It would have been obvious to one of ordinary skill in the art at the time of invention to 
add the teaching of receiving the query in unencrypted form in order to provide the 
advantage of speeding up processing and execution times without the added overhead 
of implemented security, to the modified method of Chan in view of Urano. 

In reference to claim 5: 

Chan in view of Urano discloses the method of claim 4, wherein generating the 
encrypted representation is performed after communicating the query to the database 
management system. As discussed in reference to claim 1 , the combination of Chan in 
view of Urano teaches encrypting the execution logs. Therefore, the SQL statements 
are executed before they are encrypted. Note that the SQL queries are communicated 
before they are executed. 

In reference to claim 1 1 : 

Chan in view of Urano discloses the method of claim 1 0, wherein the second execution 
detail includes at least one of an access plan and a performance statistic associated 
with execution of the query . Examiner takes the Official Notice that generating 
performance statistics associated with execution of programs and queries was well- 
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known in the art at the time of invention. Urano teaches a system that collects logs 
related to execution process for the purpose of error detection and trouble shooting. It 
would have been obvious to the one skilled in art to produce performance statistics and 
log it as execution process related information, and add this feature to the combination 
of Chan over Urano. The motivation would be to enhance the error correction and 
trouble shooting capabilities by including performance statistic information. Access plan 
is also a well-known attribute related to execution process. It would have been obvious 
to the one skilled in art to include access plan information in the set of parameters of the 
combination of Chan over Urano. The motivation would be to allow implementation of 
security features to control access to programs. Note further that Applicant's Appeal 
Brief in page 19 admits that performance statistics and Access Plan are well-known in 
the art. 

In reference to claim 13: 

Chan (Column 3, lines 35-50) discloses encryption with the private key and decryption 
with the public key, but Chan in view of Urano fails to explicitly disclose encrypting the 
execution detail using a public key, and wherein the program code is configured to 
decrypt the execution detail by decrypting the execution detail using a private key paired 
with the public key. 

The examiner takes official notice that public key cryptography was well known to those 
of ordinary skill in the art at the time of invention. Public key cryptography encrypts with 
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the public key and decrypts with the private key. The method Chan is advocating is a 
digital signature algorithm which encrypts with a private key and decrypts with the public 
key. 

It would have been obvious to one of ordinary skill in the art at the time of invention to 
encrypt the SQL code with the public key and decrypt with the private key, and modify 
the teachings of Chan in view of Urano accordingly. The motivation to do so would be 
to establish the secrecy such that only the person with the private key would be able to 
read and decipher the query. 

In reference to claims 17, 18, 24, and 26: 

Requirements of claims 17, 18, 24, and 26 are substantially the same as claims 4, 5, 
11, and 13 above. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Farid Homayounmehr whose telephone number is 571 
272 3739. The examiner can normally be reached on 9 hrs Mon-Fri, off Monday 
biweekly. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kristine Kincaid can be reached on (571) 272-4063. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). 

Farid Homayounmehr 
Examiner 
Art Unit: 2139 
/Kristine Kincaid/ 

Supervisory Patent Examiner, Art Unit 2139 



